When analyzing an executable with a global prevalence of "common", but you do not know what the executable is, what is the best course of action?
According to the CrowdStrike Falcon Devices Add-on for Splunk Installation and Configuration Guide v3.1.5+, global prevalence is a field that indicates how frequently the hash of a file is seen across all CrowdStrike customer environments. A global prevalence of "common" means that the file is widely distributed and likely benign. However, if you do not know what the executable is, you may want to investigate it further to confirm its legitimacy and functionality. One way to do that is to click the VT Hash button from the detection, which will pivot you to VirusTotal, a service that analyzes files and URLs for viruses, malware, and other threats. You can then see more information about the file, such as its name, size, type, signatures, detections, and comments.